Return-Path: Delivered-To: apmail-announce-archive@www.apache.org Received: (qmail 60648 invoked from network); 25 Jul 2010 22:33:09 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 25 Jul 2010 22:33:09 -0000 Received: (qmail 24807 invoked by uid 500); 25 Jul 2010 22:32:54 -0000 Delivered-To: apmail-announce-archive@apache.org Received: (qmail 24323 invoked by uid 500); 25 Jul 2010 22:32:53 -0000 Mailing-List: contact announce-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list announce@apache.org Delivered-To: moderator for announce@apache.org Received: (qmail 97518 invoked by uid 99); 25 Jul 2010 21:02:20 -0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org MIME-Version: 1.0 Date: Sun, 25 Jul 2010 14:01:54 -0700 Message-ID: Subject: [ANNOUNCEMENT] Apache HTTP Server 2.2.16 Released From: Paul Querna To: announce@apache.org Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server (httpd) 2.2.16 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release and immediate availability of version 2.2.16 of the Apache HTTP Server ("httpd"). This version of httpd is principally a security and bug fix release. Notably, this release addresses CVE-2010-1452 (cve.mitre.org), a remote denial of service bug in mod_cache and mod_dav. This release further addresses the issue CVE-2010-2068 within mod_proxy_ajp, mod_proxy_http, mod_reqtimeout. We consider this release to be the best version of httpd available, and encourage users of all prior versions to upgrade. Apache HTTP Server 2.2.16 is available for download from: http://httpd.apache.org/download.cgi Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.16 provides the complete list of changes since 2.2.15. A summary of security vulnerabilities which were addressed in the previous 2.2.15 and earlier releases is available: http://httpd.apache.org/security/vulnerabilities_22.html Apache HTTP Server 2.2.16 is compatible with Apache Portable Runtime (APR) versions 1.3 and 1.4, APR-util library version 1.3, and APR-iconv library version 1.2. The most current releases should be used to address known security and platform bugs. At the time of this httpd release, the recommended APR releases are: * Apache Portable Runtime (APR) library version 1.4.2 (bundled), or at minimum, version 1.3.12 * ARR-util library version 1.3.9 (bundled) * APR-iconv library version 1.2.1 (bundled only with win32-src.zip) Older releases of these libraries have known vulnerabilities or other defects affecting httpd. For further information and downloads, visit: http://apr.apache.org/ Apache HTTP Server 2.2 offers numerous enhancements, bug fixes, and performance enhancements over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html This release builds upon and extends the httpd 2.0 API. Modules written for httpd 2.0 will need to be recompiled in order to run with httpd 2.2, and may require minimal source code changes. When upgrading or installing this version of httpd, please bear in mind that if you intend to use httpd with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iEYEARECAAYFAkxMpTwACgkQ94h19kJyHwAQRwCfT6ctV3Y4Gz7HaL6ZtCgZeBe5 ODkAoKLmjxmlFMSF2Sv7PfypM3PlJm1F =6UNP -----END PGP SIGNATURE-----